Method for operating a security device

ABSTRACT

A method for operating a security device includes a microcontroller, a protected memory area, in which at least one item of protection-worthy information is stored, and a unit, the microcontroller being connected to the protected memory area via the unit, the at least one item of protection-worthy information being accessed by the microcontroller via the unit when the method is carried out.

FIELD OF THE INVENTION

The present invention relates to a method for operating a securitydevice and to a security device.

BACKGROUND INFORMATION

If it is generally provided to use a product which handles and/orincludes sensitive and/or protection-worthy data in a non-secureenvironment, the sensitive data in the product must be protected againstmisuse.

In terms of the circuitry, the circuit must be designed or laid out insuch a way that it has no error sources which a hacker may be able touse to access the sensitive information. At least two approaches areknown for achieving this.

According to a first approach, a special circuit may be used which has ahighly compact design and is engineered only for a specific purpose. Thecompact design, which is inexpensive to manufacture and may be easilykept free of errors, is suitable for this application. However, theoccurrence of errors results in substantial additional costs, since acomplete redesign is required. However, special circuits of this typeremain state of the art at the time of their production. Since upgradesordinarily exist, special circuits of this type usually have only ashort service life; phone cards thus have an expiration date. Althoughthe balance is not lost once the expiration date is reached, it must betransferred to a new phone card. Such an approach is therefore notsuitable for long-lived products, such as for a control unit in avehicle.

Furthermore, according to a second approach, so-called generic circuitsare used which have a programmable microcontroller (μC) including acoprocessor, which is designed for processing sensitive data. In thiscase, errors are comparatively easy to remedy, since only the softwarehas to be changed. Algorithms may also be changed by replacing software.To modify or check the software, however, it is necessary to access thecircuit or a corresponding system. This access may be provided via adebug interface and thus via an interface for diagnosing errors.

However, the debug interface represents an additional source of errorsand must itself be protected separately. The aforementioned genericcircuit is also expensive, due to its complexity.

SUMMARY OF THE INVENTION

The present invention may be used, among other things, to maintain thesecrecy of keys in debuggable hardware, i.e., hardware which may be usedto diagnose, localize, and eliminate errors.

According to the present invention, it is also provided that amicrocontroller (μC) within the security device is allowed to accessprotection-worthy information, for example keys, only in relation to aspecific purpose.

A security device according to the present invention, i.e., a securitymodule, may be integrated, for example, into a control unit for avehicle. A special circuit, as described as the first approach accordingto the related art, is not suitable for this purpose, since the controlunits are in use for a very long period of time and it is not possible,in principle, to replace a special circuit of this type.

The generic circuit mentioned as the second approach according to therelated art absolutely requires a debugging access for checking returnsor to be able to even develop the software without excessively highcosts. However, original equipment manufacturers (OEMs) who use thecontrol units later on require Robert Bosch GmbH to be unable to readthe keys out at a later time.

However, this conflicts with the concept of a generic, debuggablecircuit, since full control of the microcontroller (μC) typicallyenables access to all data in the security device or in the system.

One way to prevent this is to strongly link the keys to be protected totheir purpose, i.e., to the decryption and encryption of data, and tomake it impossible to perform additional operations on the circuitrylevel.

The security device according to the present invention is designed tocarry out all steps in the method provided. Individual steps in thismethod may also be carried out by individual components of the securitydevice. Furthermore, functions of the security device or functions ofindividual components of the security device may be implemented asmethod steps. It is also possible to implement method steps as functionsof at least one component of the security device or as functions of theoverall security device.

BRIEF DESCRIPTION OF THE DRAWING

FIG. 1 shows a schematic representation of a specific embodiment of asecurity device according to the present invention.

DETAILED DESCRIPTION

The specific embodiment of a security device 2 according to the presentinvention, which is illustrated schematically in FIG. 1, includes amicrocontroller 4 which is provided in this case via a data transmissiondevice 6 designed as a bus and having a unit 8 for encrypting and/ordecrypting data This unit 8 may be designed, for example according tothe Advanced Encryption Standard (AES), a symmetrical cryptographysystem. Unit 8 may be typically designed to carry out any symmetricaland/or at least partially asymmetrical encryption and/or decryptionmethod. Via an interface 10, among other things, only unit 8 has accessto a protected memory area 12 via which protection-worthy items ofinformation 14, 16, 18, 20 designed in this case as keys are stored inregisters provided for this purpose. A first protection-worthy item ofinformation 14 is designed as main key “key_(—1.)” The otherprotection-worthy items of information 16, 18, 20 are designed asconventional keys “key_n1,” “key_n2,” “key_nk.” All conventional keys“key_n1” through “key_nk” are designed to carry out cryptographicmethods and thus to encrypt and decrypt data.

In the specific embodiment illustrated, main key “key₁₃ 1” is designedonly to introduce new conventional keys into security device 2.Therefore, main key “key_1” may not be used to decrypt items ofinformation 16, 18, 20 or corresponding data, such as payload data. In afurther embodiment of the present invention, it may be provided thatencrypting and/or decrypting items of information 16, 18, 20 or datais/are suppressed on a first level for keys derived directly from mainkey “key_1” and allowed only starting on a further level.

Within security device 2, microcontroller 4 is connected to encryptionunit 8, which is designed as an encryption coprocessor, via the bus, anyother connection also being possible. Microcontroller 4 is unable todirectly access items of information 14, 16, 18, 20 designed as keys(“key_1,” key_n1 through “key_nk”) and required for encryption due tocircuitry means. In the implementation described, there is no logicalpath from memory area 12 to microcontroller 4 past encryption unit 8.

If it is provided to encrypt or decrypt a datum using microcontroller 4,this is communicated to encryption unit 8 via a key index, for example:encrypt datum “important text” using key “key_nx.”

However, microcontroller 4 may not write to main key “key_1,” which mayalso be designated “ROM key.” In the embodiment, it may be provided,without limiting security, to write directly only to conventional keys“key_n1” through “key_nk.” However, it is ensured in this case that akey which was previously stored in the register may not be onlypartially overwritten or completely deleted before a write command isexecuted in this register.

it is typically provided that microcontroller 4 may not gain knowledgeof the keys, which also applies to write operations. Writing/replacing akey is possible only in encrypted form. To replace a key, the key isfirst encrypted. Special main key “key_1” exists for this purpose. Onceagain, microcontroller 4 is prevented by circuitry means from using thismain key to encrypt/decrypt data.

If a key, such as “key_n4,” is to be replaced, this key is encryptedusing main key “key_1.” A block which is formed here (enc(key_1,key_n4new)) is transferred to microcontroller 4. Because it has noknowledge of main key “key_1,” the microcontroller is unable toascertain new key “key_n4new.” The block is transferred to encryptionunit 8 by microcontroller 4. Unit 8 may use main key “key_1” to decryptthe block and to overwrite key “key_n4” to be replaced with new key“key_n4new.” A key is thus replaced, for example according to theprotocol described here.

In a first variant of the specific embodiment described, main key“key_1” is created externally and introduced as an individual key at theend of the line during the manufacture of security device 2.

In a second variant, main key “key_1” may be modified if main key“key_1” is known. According to a third variant, main key “key_1” may beoverwritten by any other known key or by another fixed known key. Inthis case, the keys also need a status indicator to show their validity(validity flag) or a “magic number” and thus a special value todemonstrate whether the key is valid or whether a corresponding registerin memory area 12 or in the key memory is empty.

In the embodiment, microcontroller 4 is connected to memory area 2 onlyvia unit 8 for encrypting and/or decrypting data. Due to this measure,microcontroller 4 may be prevented from writing directly to memory area12 in which items of information 14, 16, 18, which are designed as keys,are stored within the registers. As an alternative or in addition, onlylimiting read access to memory area 12 may be provided.

1. A method for operating a security device which includes amicrocontroller, a protected memory area, in which at least one item ofprotection-worthy information is stored, and a unit for encryptingand/or decrypting data, the microcontroller being connected to theprotected memory area via the unit, the method comprising: accessing theat least one item of protection-worthy information by themicrocontroller via the unit.
 2. The method according to claim 1,wherein, to encrypt or decrypt at least one datum, the microcontrollertransfers a corresponding query to the unit via a key index, and the atleast one datum is encrypted or decrypted by the unit via at least oneitem of protection-worthy information designed as a key.
 3. The methodaccording to claim 2, wherein, to write at least one new item ofprotection-worthy information to the protected memory area, a block istransferred to the microcontroller, in which the at least one item ofprotection-worthy information is encrypted by a key which is stored inthe memory area as at least one item of protection-worthy information,the block being transferred to the unit by the microcontroller, and thenew item of protection-worthy information being decrypted by the unit.4. The method according to claim 3, wherein at least one old item ofprotection-worthy information stored in the protected memory area isoverwritten and thus replaced by the at least one new item ofprotection-worthy information.
 5. The method according to claim 2,wherein, to export at least one item of protection-worthy informationfrom the protected memory area, the at least one item ofprotection-worthy information is encrypted by the unit using at leastone item of protection-worthy information designed as a key, forming ablock, the formed block being transferred to the microcontroller by theunit.
 6. The method according to claim 2, wherein an item ofprotection-worthy information designed as a main key is used to encryptor decrypt an item of protection-worthy information designed as a key.7. A security device comprising: a microcontroller; a protected memoryarea for storing at least one item of protection-worthy information; anda unit for at least one of encrypting data and decrypting data, themicrocontroller being connected to the protected memory area via theunit and being able to access the at least one item of protection-worthyinformation via the unit.
 8. The security device according to claim 7,wherein the at least one item of protection-worthy information isdesigned as a key.
 9. The security device according to claim 8, whereinthe at least one item of protection-worthy information is designed as amain key, the main key being designed to encrypt and decrypt at leastone key in the form of the at least one item of protection-worthyinformation.